A study in learning Powershell: Part 1

Recently at work, I decided to step up on a project that was having a bit of delays due to perhaps to an indecision on how to proceed with a bit of dilemma with limits with a product Citrix Sharefile and  Active Directory groups.

The way that Citrix Share file works is that it uses an Active Directory security group as a reference group and synchronizes it to its own group.

What had happened is that the product Citrix Share file had a hard limit of 2000 users in one Active Directory group to synchronize. The Active Directory Group that the client decided to synchronize with has 2993 members in it….993 members over!

I later found out that for whatever reason they were adamant that they base their synchronization on one existing group. I will refer to this as the “Master group” for the rest of this post.

So there was the dilemma..the project was halted for a few months as they had to come up with an alternate solution in the latter part of the year.

I was watching on the sidelines and coming up to the end of the year and beginning of this year I decided to take action with the use of Powershell and the Active Directory modules.

Currently the first thing that I typically do before scripting anything is I try to visualize in my mind what has to happen if everything was done manually….then  this helps me to decide what cmdlets that I am going to use, the variables in the scripts and then finally the structure and comment based help documentation.

In my mind the end goal i this script that I wanted the script to achieve was to synchronize the groups together from the master group and then sync it with three sub groups based off the users last name. Later my boss said that it would be a good idea to send a email report stating what it had done. *NB the subgroups I will refer to as Subgroup_AH,Subgroup_IP, and Subgroup_Q-Z.

So I had to deal with Active Directory groups, logic that has to sync….and mail functions..and not to mention that they had to be split up into three different groups. So off I went to use Get-Command and Get-Help to get the pieces I was looking for . I was familiar with the commands for active groups and its members, but if I had looked for it  I would have used something like:

Get-Command -noun *group -module activedirectory

The following results came up:

CommandType     Name                                               Version    Source
———–               —-                                                   ——-    ——
Cmdlet          Get-ADAccountAuthorizationGroup    activedirectory
Cmdlet          Get-ADGroup                                  activedirectory
Cmdlet          New-ADGroup                                 activedirectory
Cmdlet          Remove-ADGroup                          activedirectory
Cmdlet          Set-ADGroup                                  activedirectory

Aha, the cmdlet that I am looking for is Get-ADgroup. Looking at the help I could see that it was referring to the actual group name….but what about its users in the group? So now that I knew that the active directory modules used ADGroup as a noun I did another search:

get-command *adgroup*

The results coming back with:

CommandType     Name                                               Version    Source
———–     —-            ——-                                                          ——
Cmdlet          Add-ADGroupMember                      activedirectory
Cmdlet          Get-ADGroup                                        activedirectory
Cmdlet          Get-ADGroupMember                       activedirectory
Cmdlet          New-ADGroup                                     activedirectory
Cmdlet          Remove-ADGroup                              activedirectory
Cmdlet          Remove-ADGroupMember             activedirectory
Cmdlet          Set-ADGroup                                        activedirectory

Bingo! Now I know that using Get-ADGroup, Get-ADGroupmember, Add-ADGroupMember, and Remove-ADGroupMember would play a key part of writing my script.  Reading through the help of both these cmdlets I could see that I could pipe through Get-ADGroup results through to Get-ADGroupMember to get the users. This would also be very handy.

Now was to find a way to extract users from a particular range from their last name. I couldn’t find an existing cmdlet so I decided to create my own function…and then use that as a cmdlet in my script. In my next post on this topic I will talk about my creation of my custom function.

I hope this post has helped someone learning the Shell. 😉

Part  2 of this series is coming…

One thought on “A study in learning Powershell: Part 1”

Leave a Reply

Your email address will not be published. Required fields are marked *